Understanding exactly how a computer virus works is not a simple task. Here's a generic explanation:
Let's imagine a desk clerk coming to work every day to his office. Everyday he finds a stack of papers with a list of tasks that he must fulfill during his work day. He takes the top paper from the stack, reads the instructions, follows them carefully, then throws the "used" paper into the wastebasket and continues to the next task. Now, suppose a bad guy sneaks into the office and inserts a paper into the stack with his own task which goes like this: "Copy this paper two times and put the copies into your neighbors' stacks". This is approximately the scenario according to which the computer virus works.
A computer, like a desk clerk, carefully fulfills all the commands contained in the program (task lists), starting with the first one. If the first instruction is "copy my body into two other programs", the computer will do so, and the virus command will now be in two other programs. When the computer starts running other "infected" programs, the virus will continue to spread to all over the computers in a similar manner. In the above scenario, about a desk clerk and his office, our paper virus does not check whether another stack of papers is infected or not. Therefore, by the end of the working day, all the office will be overrun by piles of such copies and the clerks will have nothing else to do but copy the same text and give it to their neighbors. The result of all this...the first clerk makes two copies of the paper, the next victims of the virus makes four copies, then 8, 16, 32, 64 and so on.
Types of Computer Viruses
Resident Viruses
This type of virus is a permanent which dwells in the RAM. From there it can overcome and interrupt all the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc.
Examples include: Randex, CMJ, Meve, and MrKlunky.
Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.
Overwrite Viruses
Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.
The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.
Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.
Boot Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.
The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.
Examples of boot viruses include: Polyboot.B, AntiEXE.
Macro Virus
Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.
Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
Directory Virus
Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.
Once infected it becomes impossible to locate the original files.
Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.
This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.
Examples include: Elkern, Marburg, Satan Bug, and Tuareg.
File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.
Companion Viruses
Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).
Some examples include: Stator, Asimov.1539, and Terrax.1069
FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.
Worms
A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses.
Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.
Trojans or Trojan Horses
Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.
Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.
Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.
.png)
